flash

document-933340782.xlsm

Status: finished
Submission Time: 07.04.2021 10:46:00
Malicious
Exploiter
Evader
Hidden Macro 4.0

Comments

Tags

Details

  • Analysis ID:
    383151
  • API (Web) ID:
    668443
  • Analysis Started:
    07.04.2021 10:46:01
  • Analysis Finished:
    07.04.2021 11:00:16
  • MD5:
    766f5bb363db9a966b613a42a118798a
  • SHA1:
    57e67742fd7e7fa0badddca5b2cceb4cf09048a7
  • SHA256:
    9952ce93009bb9fe2b687053da8db61f551cd524ca2691669257c35aaba18832
  • Technologies:
Full Report Management Report IOC Report Engine Info Verdict Score Reports

System: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)

malicious
88/100

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run Condition: Potential for more IOCs and behavior

malicious
88/100

malicious
23/62

malicious
7/37

malicious
14/29

malicious

IPs

IP Country Detection
103.68.166.129
Singapore
143.95.33.96
United States
66.36.231.40
United States
Click to see the 2 hidden entries
50.23.112.133
United States
31.170.166.139
United States

Domains

Name IP Detection
holmesservices.mobiledevsite.co
103.68.166.129
kristen.sbddev.com
50.23.112.133
tienda.ventadigital.com.ar
31.170.166.139
Click to see the 2 hidden entries
nellaimasthanbiryani.com
66.36.231.40
thirdstringcalifornia.com
143.95.33.96

URLs

Name Detection
http://tienda.ventadigital.com.ar/ds/2803.gif
http://nellaimasthanbiryani.com/ds/2803.gif
http://thirdstringcalifornia.com/ds/2803.gif
Click to see the 11 hidden entries
http://holmesservices.mobiledevsite.co/ds/2803.gif
http://kristen.sbddev.com/ds/2803.gif
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
http://www.windows.com/pctv.
http://investor.msn.com
http://www.msnbc.com/news/ticker.txt
http://www.icra.org/vocabulary/.
http://investor.msn.com/
http://kristen.sbddev.com/cgi-sys/suspendedpage.cgi
http://windowsmedia.com/redir/services.asp?WMPFriendly=true
http://www.hotmail.com/oe

Dropped files

Name File Type Hashes Detection
C:\Users\user\Desktop\~$document-933340782.xlsm
data
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\suspendedpage[1].htm
HTML document, ASCII text, with very long lines
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2D8BBC4.png
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
#
Click to see the 9 hidden entries
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7387CA72.png
PNG image data, 485 x 185, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\75F3850F.png
PNG image data, 205 x 58, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D5F5A0F5.png
PNG image data, 24 x 24, 8-bit/color RGB, non-interlaced
#
C:\Users\user\AppData\Local\Temp\C1DE0000
data
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Apr 7 16:46:39 2021, atime=Wed Apr 7 16:46:39 2021, length=12288, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\document-933340782.LNK
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13 2020, mtime=Wed Apr 7 16:46:39 2021, atime=Wed Apr 7 16:46:39 2021, length=108482, window=hide
#
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
ASCII text, with CRLF line terminators
#
C:\Users\user\Desktop\82DE0000
data
#
C:\Users\user\iekdhfe.dsk
HTML document, ASCII text, with very long lines
#